Variant weakness

Draft

CWE-11: ASP.NET Misconfiguration: Creating Debug Binary

Debugging messages help attackers learn about the system and plan a form of attack.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production.

CWE-11: ASP.NET Misconfiguration: Creating Debug Binary

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-11?

What CVEs are caused by CWE-11?

How do you prevent CWE-11?

How is CWE-11 detected?

What are the consequences of CWE-11?

Is CWE-11 actively exploited?

References

Stay ahead of CWE-11

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-11?

What CVEs are caused by CWE-11?

How do you prevent CWE-11?

How is CWE-11 detected?

What are the consequences of CWE-11?

Is CWE-11 actively exploited?

References

Stay ahead of CWE-11